<?php
require_once APPLICATION_PATH . '/modules/digUser/Exception.php';

class DigUser_Bootstrap extends Zend_Application_Module_Bootstrap 
{
    /**
     * create the acl instance and register it with the core
     *
     * this registers all of the acl settings from the module's ini files
     * @example user.acl = guest -> guests are allowed to access any resource in the module
     * @example user.acl.index = guest -> guests are allowed to access the index controller
     * @example user.acl.index.list = guest -> guests are allowed to access the index controllers list action
     *
     * this follows the secure by default scheme: if a resource is not registered then only super admins can access it
     *
     */
    protected function _initAcl()
    {
        // TODO     need to finish setting this up so you can specify a module, controller, etc
        // the roles are fixed for the first release
        $acl = new DigUser_Library_Acl();
        Dig_Service_Core::setParam('acl', $acl);
        $roles = Dig_Service_Module::settings('digUser', 'acl');
        $acl->addRoles($roles['role']);
        DigUser_Service_User::allow(null, 'default');
        $modules = Dig_Service_Module::listAll();
        foreach ($modules as $module => $settings) {
            // default to superuser only
            if($module != 'default') {
                DigUser_Service_User::allow('administrator', $module);
                if(isset($settings['user']['acl'])) {
                    $moduleAcl = $settings['user']['acl'];
                    if(is_array($moduleAcl)) {
                        foreach ($moduleAcl as $controller => $details) {
                            if(is_array($details)) {
                                foreach ($details as $action => $role) {
                                    DigUser_Service_User::allow($role, $module, $controller, $action);
                                }
                            } else {
                                DigUser_Service_User::allow($details, $module, $controller);
                            }
                        }
                    } else {
                        DigUser_Service_User::allow($moduleAcl, $module);
                    }
                }
            }
        }
        // these are developer only resources
        // TODO create a method to do this dynamically
        DigUser_Service_User::deny('administrator', 'dig', 'settings');
        //Zend_Debug::dump(DigUser_Service_User::isAllowed('administrator', 'dig', 'settings'));
        $front = Zend_Controller_Front::getInstance();
        $front->registerPlugin(new DigUser_Plugin_Acl());
    }
}
?>